Weekly Vulnerabilities Reports > September 15 to 21, 2008

Overview

85 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 82 products from 54 vendors including Apple, Microsoft, Debian, Joomla, and Gallery. Vulnerabilities are notably categorized as "SQL Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 74 reported vulnerabilities are remotely exploitable.
  • 33 reported vulnerabilities have a public exploit available.
  • 32 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-18 CVE-2008-2468 Landesk Buffer Errors vulnerability in Landesk products

Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.

10.0
2008-09-16 CVE-2008-3616 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

10.0
2008-09-16 CVE-2008-2437 Trend Micro Buffer Errors vulnerability in Trend Micro Client-Server-Messaging Security and Officescan

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

10.0
2008-09-16 CVE-2008-4095 Flip4Mac Unspecified vulnerability in Flip4Mac WMV

Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713.

10.0
2008-09-19 CVE-2008-4132 Componentone Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Componentone Vsflexgrid 7.0.1.151/8.0.20072.239

Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method.

9.3
2008-09-18 CVE-2008-4128 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS 12.4

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI.

9.3
2008-09-18 CVE-2008-2470 Macrovision Buffer Overflow vulnerability in Macrovision Flexnet Connect 6.0

The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.

9.3
2008-09-18 CVE-2008-4101 VIM Improper Input Validation vulnerability in VIM

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

9.3
2008-09-18 CVE-2008-4116 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime

Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.

9.3
2008-09-18 CVE-2008-3961 Adobe Remote Code Execution vulnerability in Adobe Illustrator CS2

Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.

9.3
2008-09-18 CVE-2008-1093 Acresso Code Injection vulnerability in Acresso Flexnet Connect and Installshield Update Agent

Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

9.3
2008-09-16 CVE-2008-4111 IBM Unspecified vulnerability in IBM WebSphere Application Server 'FileServing' Feature

Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.

9.3
2008-09-16 CVE-2008-3621 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

9.3
2008-09-16 CVE-2008-3608 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

9.3
2008-09-16 CVE-2008-2332 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

9.3
2008-09-16 CVE-2008-2305 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

9.3
2008-09-16 CVE-2008-3618 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.

9.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-18 CVE-2008-4096 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

8.5
2008-09-19 CVE-2008-4155 Easybrik Path Traversal vulnerability in Easybrik Easysite 2.3

Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a ..

7.8
2008-09-19 CVE-2008-4135 S60 / Nokia Resource Management Errors vulnerability in S60 Symbian OS Unknown

Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.

7.8
2008-09-18 CVE-2008-4117 SUN Remote Denial of Service vulnerability in SUN Management Center 3.6.1/4.0

Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8
2008-09-15 CVE-2008-4077 DWS Systems INC / Ledgersmb / SQL Ledger Resource Management Errors vulnerability in multiple products

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

7.8
2008-09-16 CVE-2008-3610 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.

7.6
2008-09-16 CVE-2008-4110 Microsoft Buffer Errors vulnerability in Microsoft SQL Server 2000

Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method.

7.6
2008-09-19 CVE-2008-4154 Living E SQL Injection vulnerability in Living-E Webedition CMS

SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.

7.5
2008-09-19 CVE-2008-4134 Phprealty Code Injection vulnerability in PHPrealty 0.021/0.022/0.023

PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.

7.5
2008-09-18 CVE-2008-4105 Joomla Improper Input Validation vulnerability in Joomla

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

7.5
2008-09-18 CVE-2008-4102 Joomla Numeric Errors vulnerability in Joomla

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

7.5
2008-09-15 CVE-2008-4092 Myphpnuke SQL Injection vulnerability in Myphpnuke 1.8.87/1.8.88

SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.

7.5
2008-09-15 CVE-2008-4090 Couponscript SQL Injection vulnerability in Couponscript Coupon Script 4.0

SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.

7.5
2008-09-15 CVE-2008-4088 Myphpnuke SQL Injection vulnerability in Myphpnuke 1.8.87/1.8.88

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2008-09-15 CVE-2008-4086 Source Workshop SQL Injection vulnerability in Source Workshop Reciprocal Links Manager 1.1

SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

7.5
2008-09-15 CVE-2008-4081 Stash Improper Authentication vulnerability in Stash 1.0.3

admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.

7.5
2008-09-15 CVE-2008-4074 Zanfi Solutions SQL Injection vulnerability in Zanfi Solutions Autodealers CMS Autonline

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

7.5
2008-09-15 CVE-2008-4073 Zanfi Solutions SQL Injection vulnerability in Zanfi Solutions Autodealers CMS Autonline

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

7.5
2008-09-15 CVE-2008-4072 Phsdev SQL Injection vulnerability in Phsdev Phsblog 0.2

Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.

7.5
2008-09-19 CVE-2008-4131 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10/8/9

Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.

7.2
2008-09-18 CVE-2008-4108 Python Software Foundation Link Following vulnerability in Python Software Foundation Python 2.4.5

Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file.

7.2
2008-09-16 CVE-2008-3609 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

7.2
2008-09-16 CVE-2008-4114 Microsoft Resource Management Errors vulnerability in Microsoft products

srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

7.1

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-19 CVE-2008-4156 Customcms SQL Injection vulnerability in Customcms Gaming Portal 4.0

SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2008-09-18 CVE-2008-3195 Twiki Path Traversal vulnerability in Twiki

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a ..

6.8
2008-09-15 CVE-2008-4093 Yourownbux SQL Injection vulnerability in Yourownbux 3.1/3.2

SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.

6.8
2008-09-15 CVE-2008-4091 Source Workshop SQL Injection vulnerability in Source Workshop web Directory Script 1.5.3

SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

6.8
2008-09-15 CVE-2008-4087 Acoustica Buffer Errors vulnerability in Acoustica Beatcraft 1.02

Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.

6.8
2008-09-15 CVE-2008-4084 Myiosoft SQL Injection vulnerability in Myiosoft Easyclassifields 3.0

SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.

6.8
2008-09-15 CVE-2008-4080 Stash SQL Injection vulnerability in Stash 1.0.3

SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php.

6.8
2008-09-15 CVE-2008-4075 Dino Path Traversal vulnerability in Dino D-Iscussion Board 3.01

Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a ..

6.8
2008-09-15 CVE-2008-4078 DWS Systems INC / Ledgersmb / SQL Ledger SQL Injection vulnerability in multiple products

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2008-09-18 CVE-2008-4126 Debian Configuration vulnerability in Debian Python-Dns

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

6.4
2008-09-18 CVE-2008-4100 GNU Configuration vulnerability in GNU Adns

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

6.4
2008-09-18 CVE-2008-4099 Debian Configuration vulnerability in Debian Python-Dns

PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

6.4
2008-09-16 CVE-2008-3611 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

6.3
2008-09-16 CVE-2008-3613 Apple Resource Management Errors vulnerability in Apple mac OS X 10.5.2/10.5.3/10.5.4

Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.

6.1
2008-09-18 CVE-2008-4104 Joomla Link Following vulnerability in Joomla

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

5.8
2008-09-18 CVE-2008-4107 PHP Numeric Errors vulnerability in PHP

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

5.1
2008-09-18 CVE-2008-4106 Wordpress Improper Input Validation vulnerability in Wordpress

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

5.1
2008-09-18 CVE-2008-3662 Gallery Cryptographic Issues vulnerability in Gallery

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2008-09-18 CVE-2008-4125 Phpbb Information Exposure vulnerability in PHPbb 2

The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.

5.0
2008-09-18 CVE-2008-4103 Joomla Improper Input Validation vulnerability in Joomla COM Mailto

The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

5.0
2008-09-18 CVE-2008-4109 Debian / Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts.

5.0
2008-09-16 CVE-2008-4115 Talkback Information Exposure vulnerability in Talkback 2.3.6

TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.

5.0
2008-09-16 CVE-2008-3950 Apple Numeric Errors vulnerability in Apple Iphone, Ipod Touch and Safari

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

5.0
2008-09-16 CVE-2008-3617 Apple Credentials Management vulnerability in Apple mac OS X and mac OS X Server

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

5.0
2008-09-16 CVE-2008-2331 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

5.0
2008-09-15 CVE-2008-4071 Adobe / Microsoft Improper Input Validation vulnerability in Adobe Acrobat 9

A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.

5.0
2008-09-16 CVE-2008-2330 Apple Information Exposure vulnerability in Apple mac OS X Server

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

4.9
2008-09-16 CVE-2008-2312 Apple Credentials Management vulnerability in Apple mac OS X and mac OS X Server

Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

4.9
2008-09-16 CVE-2008-4113 Linux Information Exposure vulnerability in Linux Kernel

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

4.7
2008-09-18 CVE-2008-4098 Canonical / Debian / Mysql / Oracle Link Following vulnerability in multiple products

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.

4.6
2008-09-18 CVE-2008-4097 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Mysql 5.0.51A

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future.

4.6
2008-09-15 CVE-2008-4082 Brim Project SQL Injection vulnerability in Brim-Project Brim 2.0.0

SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.

4.6
2008-09-15 CVE-2008-4085 Stephenjungels Link Following vulnerability in Stephenjungels Plait

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.

4.4
2008-09-19 CVE-2008-4133 D Link Improper Input Validation vulnerability in D-Link Dir-100 1.02/1.12

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

4.3
2008-09-18 CVE-2008-4130 Gallery Cross-Site Scripting vulnerability in Gallery

Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."

4.3
2008-09-18 CVE-2008-4127 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 7.0.5730/8.0.6001

Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.

4.3
2008-09-18 CVE-2008-4118 High Norm Cross-Site Scripting vulnerability in High Norm Sound Master 2ND 1.0

Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-09-16 CVE-2008-3622 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

4.3
2008-09-15 CVE-2008-4089 Myphpnuke Cross-Site Scripting vulnerability in Myphpnuke 1.8.87/1.8.88

Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

4.3
2008-09-15 CVE-2008-4079 SIX Apart Cross-Site Scripting vulnerability in SIX Apart Movable Type

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-09-15 CVE-2008-4076 TOR World Cross-Site Scripting vulnerability in TOR World products

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

4.3
2008-09-18 CVE-2008-4129 Gallery Path Traversal vulnerability in Gallery

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-15 CVE-2008-4083 Brim Project Cross-Site Scripting vulnerability in Brim-Project Brim 2.0.0

Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php.

3.5
2008-09-16 CVE-2008-3619 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

2.1
2008-09-16 CVE-2008-2329 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

1.9